Threat observatory
Threat observatory
A multi-year read of the vulnerabilities in the apps and OSes Scout tracks (iOS, Android, macOS, Windows). We lead with the share of CVEs actually exploited (CISA KEV), a signal robust to NVD coverage effects, then add volume context and attack vectors.
All years
2026*
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2002
2001
Year 2016
- KEV share
- 0,0 %
- CVEs published
- 710
- KEV added
- 0
- Apps affected
- 0
Distribution by severity
Critical
104
High
413
Medium
138
Low
1
Unrated
54
Methodology
- Sources: NVD (NIST) for CVEs and CVSS scoring, CISA KEV for the "actively exploited" status. Scope: apps tracked by Scout (iOS, Android, macOS, Windows) and documented OS releases.
- KEV share: number of CVEs published in the year and present in the CISA KEV catalog, divided by the total number of CVEs published in the year (Scope: Scout).
- Dates: CVEs are counted by NVD publication year; KEV by year added to the CISA catalog. We never count a present "open" status; a time series relies on immutable event dates.
- Limitation (coverage): CVE volume depends on NVD coverage and the size of the Scout catalog, both of which change over time. Raw volume is context, not a risk measure.
- Current year: marked with an asterisk (*) and excluded from year-over-year comparisons: its figures are not yet consolidated.
Data recomputed on 2026-06-05 22:41 UTC.